Users are increasingly performing tasks using remote computing resources, often referred to as part of “the cloud.” This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource or “cloud” provider. It will often be the case that a user will want one or more cloud resources to perform actions on behalf of the user. These and other actions may cause anomalous behavior with regard to the resources, such that the actions of one user can affect performance or security of other users because of the anomalous behavior, which may be intentionally malicious. While some security measures may be in place to identify the presence of anomalous behavior, these security measures may require expensive access to customer data and/or require significant overhead of the computing resources in order to identify anomalous behavior.